I have a small PHP mailing script and I would like to extend it with an attachment function (we have a DB for our staff to get in contact with them). As far as I understand, I need a /tmp folder to be able to upload the attached file, but I need write permission, which would make my site weaker.

Questions:

  • How can I be sure that only the user uploads the given file format (without SSL)?
  • Is there any way to make sure no one else would execute a file or upload anything that is malicious?
  • Do I need to delete the file after upload, or will it generally be deleted?

I work on a shared host...

Any help would be appreciated.

Andras

PS: the code is in PHP (mail function, Swift Mailer). I apologise for my English and the dummy question :)

TryHarder

1 Answer

  • Check it. file may be your (first) friend.
  • Authentication is the key. How should someone execute a file when it hasn't got the execution bit set? And not the file mode to even see the file?
  • Depends on how you implement the upload. But what would be so hard about doing a delete(file) anyway?
mailq
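
Added example, not part of the original answer: one way to apply the three points above in a PHP upload handler, using finfo as PHP's counterpart to the file command. The allow-list, size limit, form field name and storage directory are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed allow-list: detected MIME type => extension used for the stored copy.
const ALLOWED_TYPES = [
    'application/pdf' => 'pdf',
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit

/**
 * Validate one $_FILES entry and move it into $storeDir (a directory outside
 * the web root). Returns the stored path; throws on any failed check.
 */
function accept_attachment(array $upload, string $storeDir): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or missing');
    }
    // Only accept paths PHP itself created for this request's HTTP upload.
    if (!is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($upload['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Detect the type from the content, like file(1); the client-supplied
    // $upload['type'] and the original file name are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($upload['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name: nothing from the client reaches the file system.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod($dest, 0600); // owner read/write only, no execute bit
    return $dest;
}

// Usage in the mail script (form field name "attachment" is assumed):
// $path = accept_attachment($_FILES['attachment'], __DIR__ . '/../private_uploads');
// try { /* attach $path to the message and send it */ } finally { unlink($path); }
```

PHP removes the temporary upload at the end of the request only if it has not been moved; once move_uploaded_file() has run, the stored copy stays until the script calls unlink() on it.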